CN110414200A

CN110414200A - Auth method, device, storage medium and computer equipment

Info

Publication number: CN110414200A
Application number: CN201910277029.7A
Authority: CN
Inventors: 崔齐; 耿志军; 郭润增; 王少鸣
Original assignee: Guangzhou Tencent Technology Co Ltd
Current assignee: Guangzhou Tencent Technology Co Ltd
Priority date: 2019-04-08
Filing date: 2019-04-08
Publication date: 2019-11-05
Anticipated expiration: 2039-04-08
Also published as: CN110414200B; US20210344675A1; US11936647B2; US20240214376A1; JP2022507315A; WO2020207189A1; JP7142778B2

Abstract

This application involves a kind of auth method, device, computer readable storage medium and computer equipments, which comprises obtains biometric image；In local security region, the biological information in the biometric image is extracted；The biological information is encrypted in the local security region, obtains encrypted feature information, and the encrypted feature information is transmitted to the application program run in local general areas；The encrypted feature information is sent to authentication server by the application program；The encrypted feature information sent is used to indicate the authentication server and the encrypted feature information is decrypted to obtain biological information, and the biological information obtained according to decryption carries out authentication and obtains authentication result；By the application program, the authentication result of the authentication server feedback is received.The safety of authentication can be improved in scheme provided by the present application.

Description

Auth method, device, storage medium and computer equipment

Technical field

This application involves biometrics identification technology fields, more particularly to a kind of auth method, device, computer Readable storage medium storing program for executing and computer equipment.

Background technique

With the development of computer technology, there is biometrics identification technology, biometrics identification technology is to utilize people The intrinsic physiological characteristic of body (for example, fingerprint, iris, face phase, DNA etc.) or behavioural characteristic (for example, gait, keystroke habit etc.) To carry out the technology of subscriber authentication.Identity verification mode under traditional line, for example body is carried out by recognition of face under line Part verifying, face calculating is carried out usually in the conventional environment of accepting terminal, obtains results of intermediate calculations, then by intermediate computations knot Fruit is uploaded to server, and server carries out final authentication.

However, the auth method under traditional line, results of intermediate calculations is easy to meet with during calculating and transmission To malice man-in-the-middle attack, there are the risks of leaking data, and leading to authentication, there are security risks.

Summary of the invention

Based on this, it is necessary to there is technical issues that for traditional authentication mode, provide a kind of body Part verification method, device, computer readable storage medium and computer equipment.

A kind of auth method, comprising:

Obtain biometric image；

In local security region, the biological information in the biometric image is extracted；

The biological information is encrypted in the local security region, obtains encrypted feature information, and will The encrypted feature information is transmitted to the application program run in local general areas；

The encrypted feature information is sent to authentication server by the application program；The encrypted feature sent Information is used to indicate the authentication server and is decrypted to obtain biological information, and foundation to the encrypted feature information It decrypts obtained biological information progress authentication and obtains authentication result；

By the application program, the authentication result of the authentication server feedback is received.

A kind of authentication means, described device include:

Module is obtained, for obtaining biometric image；

Extraction module, for extracting the biological information in the biometric image in local security region；

Encrypted transmission module is obtained for encrypting in the local security region to the biological information Encrypted feature information, and the encrypted feature information is transmitted to the application program run in local general areas；

Sending module, for the encrypted feature information to be sent to authentication server by the application program；It sends The encrypted feature information, be used to indicate the authentication server and be decrypted to obtain biological spy to the encrypted feature information Reference breath, and the biological information obtained according to decryption carries out authentication and obtains authentication result；

Receiving module, for receiving the authentication knot of the authentication server feedback by the application program Fruit.

A kind of computer readable storage medium is stored with computer program, when the computer program is executed by processor, So that the processor executes following steps:

Obtain biometric image；

A kind of computer equipment, including memory and processor, the memory are stored with computer program, the calculating When machine program is executed by the processor, so that the processor executes following steps:

Obtain biometric image；

Above-mentioned auth method, device, computer readable storage medium and computer equipment, in local security region In, the biological information in biometric image is extracted, then encrypt to biological information, obtains encrypted feature letter Breath.By the application program run in local general areas, encrypted feature information is transmitted to authentication server to carry out body Part verifying, obtains authentication result.In this way, extracting the biological characteristic letter in biometric image in local security region Breath, can be effectively prevented from calculating process by the risk of malice man-in-the-middle attack.It is tested biological information to be transferred to When demonstrate,proving server to carry out authentication, once biological information is to be transmitted to general areas, then cryptographic operation is carried out, this Sample can effectively avoid the risk that biological information is tampered, and substantially increase the safety of authentication.

Detailed description of the invention

Fig. 1 is the applied environment figure of auth method in one embodiment；

Fig. 2 is the flow diagram of auth method in one embodiment；

Fig. 3 is the schematic diagram of key exchanged form in one embodiment；

Fig. 4 is the architecture diagram of authentication system in one embodiment；

Fig. 5 is flow diagram the step of triggering resource transfers in one embodiment；

Fig. 6 is the timing diagram of face authentication method in one embodiment；

Fig. 7 is the flow diagram of auth method in one embodiment；

Fig. 8 is the structural block diagram of authentication means in one embodiment；

Fig. 9 is the structural block diagram of authentication means in another embodiment；

Figure 10 is the structural block diagram of computer equipment in one embodiment.

Specific embodiment

It is with reference to the accompanying drawings and embodiments, right in order to which the objects, technical solutions and advantages of the application are more clearly understood The application is further elaborated.It should be appreciated that specific embodiment described herein is only used to explain the application, and It is not used in restriction the application.

Fig. 1 is the applied environment figure of auth method in one embodiment.Referring to Fig.1, the auth method application In authentication system.The authentication system includes video capture device 110, accepting terminal 120 and authentication server 130. Video capture device 110 and accepting terminal 120 pass through connecting line or network connection.Accepting terminal 120 and authentication server 130 are logical Cross network connection.Accepting terminal 120 can obtain biometric image from the video or image that video capture device 110 acquires, To realize the auth method jointly with authentication server 120.Accepting terminal 120 specifically can be terminal console or movement Terminal, mobile terminal specifically can be at least one of mobile phone, tablet computer, laptops etc..Authentication server 130 can be with It is realized with the server cluster of the either multiple server compositions of independent server.

Wherein, accepting terminal 120 specifically can be service processing equipment, when the auth method is applied to access control When system, which specifically can be access control equipment；When the auth method is applied to payment system, The accepting terminal 120 specifically can be payment devices etc. under line.It is appreciated that when the auth method is applied to different need When carrying out in the operation system of authentication, accepting terminal specifically can be corresponding service processing equipment.

As shown in Fig. 2, in one embodiment, providing a kind of auth method.The present embodiment is mainly in this way It is illustrated applied to the accepting terminal 120 in above-mentioned Fig. 1.Referring to Fig. 2, which specifically includes following step It is rapid:

S202 obtains biometric image.

Wherein, biometric image is the image for including biological characteristic, for carrying out authentication.Biological characteristic is people The intrinsic physiological characteristic of body (for example, fingerprint, iris, face phase, DNA etc.) or behavioural characteristic (such as gait, keystroke habit Deng).In this application, biometric image specifically can be the physiological characteristic image generated according to user, be also possible to Behavioural characteristic image generated according to user.Wherein, according to the physiological characteristic image generated of user, such as by sweeping Retouch user's face facial image generated, according to the user fingerprints fingerprint image generated of acquisition or according to the use of acquisition Family iris iris image generated etc..According to the behavioural characteristic image generated of user, such as according to the signature institute of user The image of generation or sound vocal print figure generated etc. according to user.

Specifically, accepting terminal can be by built-in camera or external with the associated camera of accepting terminal, In Under the current visual field of camera, the picture frame of reality scene is acquired, and obtain the picture frame collected.Accepting terminal can be to adopting Collect obtained picture frame to be detected, when in picture frame there are when biological characteristic, using the picture frame of acquisition as biological characteristic figure. For example, accepting terminal, which can detect, whether there is facial image in the picture frame, if it exists facial image by taking facial image as an example, The picture frame is then obtained as facial image.

Wherein, the picture frame for acquiring reality scene can be the picture frame of living body in acquisition reality scene, be also possible to adopt Collect the picture frame of the existing image in reality scene comprising biological characteristic.Existing image comprising biological characteristic, for example include people The existing image of face, the existing image comprising fingerprint or existing image comprising user's signature etc..To have figure comprising face As for example, such as the existing image is identity document or human face photo etc..

In one embodiment, accepting terminal can be connect by connecting line or network with video capture device, video acquisition Equipment includes camera.Camera can be monocular cam, binocular camera, RGB-D (Red-Green-Blue- Deep) camera or 3D (3Dimensions, three-dimensional) camera such as 3D structure light video camera head etc..Accepting terminal can call view Frequency acquisition equipment, to open camera-shooting scanning mode, and the target object in real time scan camera view, and according to certain frame Rate generates picture frame in real time, and picture frame generated can be buffered in video capture device.Video capture device is by the figure of caching As frame is sent to accepting terminal.

In one embodiment, video capture device can be connected with accepting terminal by connecting line, for example pass through USB The connection of (Universal Serial Bus, universal serial bus) interface.Video capture device scans target object, generates video Data, and by video data transmission to accepting terminal.It wherein, is the safety for ensureing video data, video capture device can be right After video data is encrypted, then it is transmitted to accepting terminal.

In one embodiment, step S202, that is, the step of obtaining biometric image are specific can include: receive view Frequency acquisition equipment encrypt acquired enciphered video data and corresponding with video capture device to the video data of acquisition First signature；First signature is that video capture device is encrypted to obtain by the first private key pair encryption video data；By with Corresponding first public key verifications first of first private key are signed；After the first signature verification passes through, decrypted in local security region Enciphered video data obtains video data；The video data obtained in local security region according to decryption, determines biological characteristic Image.

In one embodiment, mountable in video capture device to have safe processing chip, when video capture device is to mesh Mark object is scanned, and after collecting video data, can be added by the symmetric key pre-set to video data It is close, obtain enciphered video data.

Further, video capture device is encrypted to obtain the first signature by the first private key pair encryption video data, First private key is corresponding with video capture device.Again by enciphered video data and the first signature transmission to accepting terminal.This Sample, accepting terminal can verify the first signature by the first public key corresponding with the first private key, to verify video capture device Identity.After the first signature verification passes through, accepting terminal can be decrypted in local security region by symmetric key, with To video data.After accepting terminal decrypts to obtain video data, can extract from video data includes biological nature Picture frame is as biometric image.

In one embodiment, accepting terminal can detect the picture frame for including in video data, when in picture frame There are when biological characteristic, using the picture frame of acquisition as biological characteristic figure.For example, accepting terminal can be examined by taking facial image as an example It surveys with the presence or absence of facial image in the picture frame, facial image, then obtain the picture frame as facial image if it exists.At one In embodiment, when the camera of video capture device is 3D camera, the picture frame of video capture device acquisition includes one by one Corresponding depth map and cromogram, accepting terminal can will include biological characteristic and corresponding depth map and cromogram are common As biometric image.

It is the schematic diagram of key exchanged form in one embodiment with reference to Fig. 3, Fig. 3.In one embodiment, it is regarded to ensure Confidentiality of the frequency evidence in transmission process, video capture device and accepting terminal can be intercoursed asymmetric in production environment Public key, to complete the two-way authentication between video capture device and accepting terminal.Wherein, production environment refers to that equipment is sold investment and made With the preceding stage.In one embodiment, respective public key can be also uploaded to verifying clothes by video capture device and accepting terminal Business device, verifies identity for authentication server.In this way, video capture device and accepting terminal are carrying out data transmission respectively When, so that it may it is signed by respective private key, in this way, data receiver can ensure data source by verifying signature Reliability.

Correspondingly, authentication server can issue symmetric key to accepting terminal, and symmetric key is transmitted to by accepting terminal again Video capture device.In this way, video capture device can be encrypted video data by the symmetric key, accepting terminal It can be decrypted to obtain video data by the symmetric key in local security region, ensure that video data is being transmitted across Safety in journey.When the biological information of extraction is transmitted to authentication server by accepting terminal needs, accepting terminal can Biological information is encrypted to obtain encrypted feature information by the symmetric key issued, encrypted feature information is transmitted to Authentication server has ensured safety of the biological information in transmission process.

It is appreciated that the symmetric key can be what server issued, it is also possible to accepting terminal or video capture device It is transmitted to other equipment after generation, only need to ensure that each equipment can be carried out safe data communication, the embodiment of the present application In do not limit this.It is further appreciated that video capture device and accepting terminal can share the first symmetric key, video acquisition is set Standby to pass through the first symmetric key encryption, accepting terminal passes through the first symmetric key decryption.Accepting terminal and authentication server are shared Second symmetric key, accepting terminal pass through the second symmetric key decryption by the second symmetric key encryption, authentication server.Its In, the first symmetric key and the second symmetric key specifically can be identical symmetric key, be also possible to different symmetric keys.

In above-described embodiment, video capture device is by the video data encrypted transmission of acquisition to accepting terminal, accepting terminal Biometric image is obtained after decrypting in safe zone, in this way, using encryption safe between video capture device and accepting terminal Transmission mode can guarantee biometric image not by man-in-the-middle attack and leakage, and accepting terminal is in safe zone to adding Close video data is decrypted, and is greatly improved the safety of authentication.

S204 extracts the biological information in biometric image in local security region.

Wherein, local security region is the safety zone of accepting terminal local, and the operation carried out in safe zone is peace Full operation.Safety zone (Trusted Execution Environment, abbreviation TEE), also referred to as secure and trusted area Domain, TEE are isolated from REE (Rich Execution Environment, fly-by-night execution region, also referred to as general areas), External computer device can only be communicated by specific entrance with TEE.Thus, it is extracted in accepting terminal local security region Biological information in biometric image is a kind of safe and reliable operation, can ensure to the process of biological characteristic processing and As a result safety.

Biological information is the information for reacting biological characteristic, can be used for carrying out authentication.Biological information is specific It can be from colouring information relevant to biological characteristic, texture information and shape information extracted in biometric image etc. One or more of combinations.For example, the coordinate information of biological characteristic point, reflect biological characteristic pixel color Distribution value and Pixel brightness Distribution value and the pixel depth of biometric image etc..

It is illustrated by taking facial image as an example, when biometric image includes facial image, accepting terminal is from face figure The biological information extracted as in specifically may include face location information.Wherein, face location information refer to face profile, The distance between each face's organ such as hair style, ear, eyes, nose, mouth or the information for positioning coordinate.Such as two eye distance from, Nose and eye-angle, alternatively, mouth and nose distance etc..

It is illustrated by taking fingerprint image as an example again, accepting terminal can take the fingerprint streakline in image in local security region With the information of line type, wherein line type is that the regular arrangement of streakline is formed by.The biological information of fingerprint image for example, Starting point, terminal, binding site and bifurcation of streakline etc..

Specifically, biometric image can be transmitted to local security area after obtaining biometric image by accepting terminal In domain, in local security region, the biological information in biometric image is extracted.In one embodiment, end is accepted After termination receives enciphered video data, enciphered video data is forwarded in local security region in inside, in safe zone Enciphered video data is decrypted, video data is obtained, then determines biometric image from video data.And then in local In safety zone, biometric image is handled, obtains biological information.

In one embodiment, accepting terminal can be in local security region, according to the image characteristics extraction plan pre-seted Slightly extract the information of biological characteristic in biometric image.Wherein, the image characteristics extraction strategy pre-seted can be preset The feature extraction machine learning model etc. that image characteristics extraction algorithm or in advance training are completed.

In one embodiment, biometric image includes facial image；Biological information include face location information, Target face depth map and target face cromogram.Step S204, that is, in local security region, extract biological characteristic figure As in biological information the step of specifically include: in local security region, in facial image face characteristic click through Row identification, obtains face location information；Determine the candidate face depth map and candidate face cromogram for including in facial image；It is right Candidate face depth map carries out noise reduction process, obtains target face depth map；It is pre- that satisfaction is filtered out from candidate face cromogram If the target face cromogram of condition.

Wherein, target face depth map be reflect target object surface between viewpoint at a distance from image.Target face Each pixel value is the actual range of sensor distance target object in video capture device in depth map.Target face cromogram It is RGB (Red-Green-Blue) figure of face, can intuitively reflects face.Target face cromogram and target face depth map It is registration, there is one-to-one relationship between pixel.

Specifically, accepting terminal can identify the human face characteristic point in facial image, obtain in local security region To face location information.For example, accepting terminal may recognize that each face such as profile, hair style, ear, eyes, nose, mouth of face Portion's organ, then determine the location information between each face's organ, for example, two eye distances from, nose and eye-angle, alternatively, mouth with Nose distance etc..

In one embodiment, accepting terminal can extract face characteristic by convolutional neural networks from facial image Figure identifies each human face according to face characteristic figure, and then determines each human face respectively or mutual coordinate bit It sets.

In one embodiment, video capture device can acquire facial image by 3D structure light video camera head, wherein acquisition Facial image include multiple groups face depth map and face cromogram, alternatively referred to as candidate face depth map and candidate face colour Figure.Accepting terminal can carry out noise reduction process to candidate face depth map, obtain target face depth in local security region Figure.Wherein, noise reduction mode specifically can be is gone by mean filter, adaptive wiener filter, median filter or small echo The modes such as make an uproar carry out noise reduction, are also possible to other image noise reduction processing modes, the application is it is not limited here.Accepting terminal can The face cromogram work for meeting the conditions such as handsome, portrait is placed in the middle, does not close one's eyes is filtered out from multiple candidate face cromograms For target face cromogram.It is appreciated that target face depth map determined by accepting terminal and target face cromogram are phases It is mutually registrated, there is one-to-one relationship between pixel.

In one embodiment, face location information, target face depth map and target face cromogram are for verifying Effective face information of the user identity of user corresponding to the facial image.Wherein, target face depth map and target face are color The quantity of chromatic graph can specifically be determined as one or more according to actual conditions, and the embodiment of the present application is it is not limited here.

In above-described embodiment, in local security region, face location information is extracted from facial image, and from candidate The target face depth map and target face cromogram of high quality are filtered out in face depth map and candidate face cromogram, quite Effective face information is obtained in having carried out preliminary pretreatment to facial image.Effective face information is transmitted to verifying again Server can improve efficiency of transmission to carry out authentication well, and reduce authentication server and carry out algorithmic match processing It is time-consuming.

S206 encrypts biological information in local security region, obtains encrypted feature information, and will encryption Characteristic information is transmitted to the application program run in local general areas.

Wherein, local general areas is the general areas of accepting terminal.General areas is also referred to as fly-by-night execution Region (abbreviation REE).General areas, that is, all available region of general computer equipment, can run common operation system System and application program.For example, Android system is exactly to operate in Non Security World, that is, operate in general areas In.The application program run in general areas can by network and it is extraneous carry out data communication, thus be also easier by The third party attack of malice, therefore, general areas is such without image of Buddha safety zone, ensures the safety of data.

Specifically, accepting terminal can encrypt biological information in local security region, obtain encrypted feature Information, and encrypted feature information is transmitted to the application program run in local general areas.The application program specifically can be with It is application program corresponding with authentication server, for carrying out data communication with authentication server.

In one embodiment, can the hardware and software environment in advance to accepting terminal be transformed, with from accepting terminal General areas in mark off partial region as safety zone.It specifically can be by trustzone technology to the hard of accepting terminal Part and software environment are transformed, so that a safety zone is provided from the processor of accepting terminal, simultaneously with general areas Row exists.Safety zone can provide the performing environment of an isolation, guarantee isolated execution, the integrality of trusted application, credible number According to confidentiality and secure storage etc..

In one embodiment, biological information is encrypted in local security region, obtains encrypted feature letter Breath, and the step of encrypted feature information is transmitted to the application program run in local general areas specifically includes: in local Biological information is encrypted in safety zone, obtains encrypted feature information；Pass through the second private key pair encryption characteristic information It is encrypted to obtain the second signature；By encrypted feature information and the second signature transmission to the application run in local general areas Program.

Specifically, accepting terminal can encrypt biological information by symmetric key in local security region, Obtain encrypted feature information.It is encrypted by the second private key pair encryption characteristic information corresponding with accepting terminal, obtains second Signature.Accepting terminal can by encrypted feature information and the second signature transmission to the application program run in local general areas, The second signature and encrypted feature information are transmitted to authentication server by the application program.In this way, ensureing biological characteristic letter While ceasing the safety of transmission, the reliability of data source can also be ensured by the second signature, has greatly reinforced biological spy The safety of reference breath transmission.

Encrypted feature information is sent to authentication server by application program by S208；The encrypted feature information of transmission is used Encrypted feature information is decrypted in instruction authentication server to obtain biological information, and special according to the biology that decryption obtains Reference breath carries out authentication and obtains authentication result.

Wherein, authentication the result is that biological information carry out authentication obtain as a result, specific can be with It is to be verified or verify unacceptable as a result, can also be the subscriber identity information of determining relative users.Wherein, Yong Hushen Part information, such as user identifier or user account etc..Specifically, accepting terminal can be believed encrypted feature by the application program Breath is sent to authentication server.After authentication server receives encrypted feature information, using corresponding decruption key to encryption Characteristic information is decrypted to obtain biological information, and the biological information obtained according to decryption carries out authentication and obtains Authentication result.

In one embodiment, after authentication server receives encryption feature information, can advanced row business authentication it is legal Property inspection, that is, check network request legitimacy, i.e. network data integrality etc..When the legitimacy detection of business authentication passes through Afterwards, then authentication is carried out.

In one embodiment, the biological information that authentication server can be obtained according to decryption carries out In vivo detection, with Detect whether the corresponding biology of the biological information is living body.When recognizing living body, then according to the biological information into Row authentication.

In one embodiment, authentication is carried out to biological information to specifically refer to according to biological information into life The process of object identification.Specifically, authentication server can propose biological information progress feature by convolutional neural networks structure It takes, obtains corresponding feature vector, such as face feature vector, fingerprint characteristic vector or iris feature vector etc..Again will in turn This feature vector is compared one by one with each feature vector sample in pre-stored feature vector sample set, determines the spy Levy the similarity degree of vector and each feature vector sample.The similarity degree can be understood as the corresponding user of this feature vector and spy Levy the confidence level that the corresponding user of vector sample is same user.This feature vector and the similarity degree of feature vector sample are got over Height indicates that the corresponding user of this feature vector user corresponding with feature vector sample is that same user is more credible.

In one embodiment, accepting terminal can calculate the similarity between this feature vector and feature vector sample, into And judge whether the similarity is more than or equal to default similarity threshold, determine that user to be verified is that corresponding similarity is more than or equal to User corresponding to the feature vector sample of default similarity threshold, and then obtain user identity corresponding with the user determined and believe Breath.Wherein, default similarity threshold is the numerical value of the pre-set minimum similarity degree that can determine that authentication result.Default phase It is the worst error that the feature vector contrast verification identity determined according to many experiments is allowed like degree threshold value.

The similarity between this feature vector and feature vector sample is calculated, the difference between two feature vectors can be specifically calculated Different, the more big then similarity of difference between feature vector is lower, and the smaller then similarity of difference between feature vector is higher.It is similar The Hamming distance etc. of respective perceptual hash value between cosine similarity or image can be used in degree.

In one embodiment, accepting terminal encrypts biological information in local security region, is added Close characteristic information；It is encrypted to obtain the second signature by the second private key pair encryption characteristic information；By encrypted feature information and Two signature transmissions are signed encrypted feature information and second by application program to the application program run in local general areas Name is sent to authentication server；Encrypted feature information and the second signature are used to indicate authentication server according to corresponding with the second private key The second public key verifications second signature be decrypted to obtain biological spy to encrypted feature information after the second signature is by verifying Reference breath, and the biological information obtained according to decryption carries out authentication, obtains authentication result.

In one embodiment, authentication server can sign according to the second public key verifications second corresponding with the second private key, After the second signature is by verifying, encrypted feature information is decrypted by corresponding symmetric key to obtain biological characteristic letter Breath, and the biological information obtained according to decryption carries out authentication, obtains authentication result.In this way, ensureing biology While the safety of characteristic information transmission, the reliability of data source can also be ensured by the second signature, is greatly reinforced The safety of biological information transmission.

In one embodiment, biometric image includes facial image；Biological information include face location information, Target face depth map and target face cromogram.Encrypted feature information is sent to authentication server by application program, is tested Card server is decrypted encrypted feature information to obtain face location information, target face depth map and target face colour Figure.Authentication server handles face location information, target face depth map and target face cromogram, obtains face spy Vector is levied, face feature vector is compared with face feature vector sample, obtains authentication result.

Specifically, face location information, target face depth map and target person that authentication server can be obtained according to decryption Face cromogram carries out In vivo detection.When detecting living body, authentication server can be by convolutional neural networks structure to face position Confidence breath, target face depth map and target face cromogram are handled, and corresponding face feature vector is obtained.Again will in turn Each face feature vector sample in the face feature vector and pre-stored face feature vector sample set carries out one by one It compares, determines the subscriber identity information of user corresponding with the face feature vector.

It is by application program that face location information, target face depth map and target face is colored in above-described embodiment Figure encrypted transmission is to authentication server, so that authentication server can be to face location information, target face depth map and target person Face cromogram is handled, and face feature vector is obtained.Face feature vector is compared with face feature vector sample again, The identity that the facial image corresponds to user can be accurately determined.

S210 receives the authentication result of authentication server feedback by application program.

Specifically, authentication server completes authentication, can be by being connected to the network identity after obtaining authentication result Verification result feeds back to the application program.Accepting terminal can receive the authentication of authentication server feedback by the application program As a result.

In one embodiment, which includes identified after carrying out authentication to biological information The identity information of user specifically may include the user identifier and associated resource account etc. of the user.

It in one embodiment, can be according to this after accepting terminal receives the authentication result that authentication server is fed back Authentication result executes corresponding business processing.For example, can be tested according to identity when the accepting terminal is access control equipment Card result executes the operation let pass or do not let pass；It, can be according to the authentication knot when the accepting terminal is payment devices under line Fruit executes resource transfers operation.

Above-mentioned auth method extracts the biological information in biometric image in local security region, then Biological information is encrypted, encrypted feature information is obtained.It, will by the application program run in local general areas Encrypted feature information is transmitted to authentication server to carry out authentication, obtains authentication result.In this way, in local security area In domain, the biological information in biometric image is extracted, can be effectively prevented from calculating process by malice go-between The risk of attack.When biological information is transferred to authentication server to carry out authentication, once biological information It is to be transmitted to general areas, then carry out cryptographic operation, can effectively avoid the risk that biological information is tampered in this way, greatly The safety of authentication is improved greatly.

In one embodiment, which further includes the steps that triggering video acquisition, which specifically includes: Pass through application rollouts operation interface；When detecting the trigger action for acting on operation interface, video acquisition instruction is generated； Video acquisition instruction is sent to video capture device；It includes life that video acquisition instruction, which is used to indicate video capture device acquisition, The video data of object feature.

Wherein, trigger action is the predetermined registration operation for acting on operation interface, generates video acquisition instruction for triggering, specifically It can be touch operation, cursor operations, button operation or voice operating etc..Wherein, touch operation can be touch and click behaviour Make, touch pressing operation perhaps touches slide touch operation and can be single-touch operation or multiple point touching operation；Light The operation that mark operation can be the operation that control cursor is clicked or control cursor is pressed；Button operation can be void Quasi- button operation or physical button operation etc..

Specifically, accepting terminal can carry out phase by the operation interface by application rollouts operation interface, user Close operation.When accepting terminal detects the trigger action for acting on the operation interface, video acquisition instruction is generated.And then it accepts Video acquisition instruction is sent to video capture device by terminal, which scans mesh after receiving video acquisition instruction It marks object and acquires video data.

The step is described in detail below by citing.Firstly, in accepting terminal boundary can be operated by application rollouts Face.The virtual push button for having triggering face acquisition operation is shown in the operation interface, user can click the virtual push button, to generate Face acquisition instructions.The face acquisition instructions are sent to video capture device by accepting terminal, and video capture device passes through camera shooting Head scanning target object human face region, obtain include face video data.

In one embodiment, video capture device can be by the peace of collected video data encrypted transmission to accepting terminal Entire area, so that accepting terminal can determine biometric image from video data in safe zone.

In above-described embodiment, by the operation interface of application program, user can trigger video capture device and acquire video counts According to movement, conveniently and efficiently obtain include biological characteristic video data.

In one embodiment, step S204, that is, in local security region, extract the life in biometric image The step of object characteristic information, specifically includes: in local security region, carrying out In vivo detection to biometric image, is detected As a result；When testing result expression recognizes living body, the biological information in biometric image is extracted.

Wherein, In vivo detection be detect biometric image in target object whether be live subject detection.Specifically Ground, accepting terminal can be extracted in biometric image in local security region and characterize the characteristic pattern of biological characteristic (also referred to as Feature vector), then classification processing is carried out to biometric image according to the characteristic pattern extracted.When the characteristic pattern of extraction meets living body When the characteristic pattern of biometric image, biometric image is classified to living body biological image class.When the feature of extraction is general meet it is non- When the characteristic pattern of living body biological image, biometric image is classified to non-living body biometric image class.Further, when detection is tied Fruit indicates when recognizing living body, that is, when the biometric image belongs to living body biological image class, accepting terminal extracts life again Biological information in object characteristic image.

In one embodiment, accepting terminal carries out In vivo detection to biometric image in local security region, when When recognizing non-living body, be rejected by and the biometric image be transmitted to authentication server, with protect authentication server not by into The attack of row illegal image.In one embodiment, accepting terminal periodically locally can dispose non-living body biometric image, to mitigate Cache pressure.

It is appreciated that carrying out In vivo detection for the safety for ensureing authentication in accepting terminal, being directed to 2D or 3D The simple attack of head mould, can directly refuse, efficiency is higher, network request is saved, to protect authentication server not in accepting terminal By carry out illegal image attack.

It is the architecture diagram of authentication system in one embodiment with reference to Fig. 4, Fig. 4.As shown in figure 4, video capture device Face video data can be acquired by 3D structure light video camera head, face video data are encrypted by safe processing chip, And it is transmitted to accepting terminal (accepting terminal here specifically can be automatic teller machine).Accepting terminal can pass through SoC (System on Chip, system level chip) face encryption video data is forwarded to TEE environment (namely local security region) inside it. Accepting terminal is taken out face encryption video data in TEE environment and is decrypted and face vivo identification, and preliminary judgement is No is living body.When recognizing living body, can locating human face position, generate results of intermediate calculations.To intermediate computations in TEE environment As a result it encrypts, and is sent in the REE environment of accepting terminal.Pass through the face application APP run in REE environment (Application) authentication server is transferred data to, which, which can be, provides the service of Cloud Server Device.Authentication server carries out authentication according to the data received.

In above-described embodiment, accepting terminal first carries out before extracting biological information and being transmitted to authentication server In vivo detection directly refuses simple attack caused by non-living body in accepting terminal, and efficiency is higher, saves network request, The time-consuming for reducing authentication server backstage algorithmic match further improves authentication efficiency.

In one embodiment, in local security region, In vivo detection is carried out to biometric image, obtains detection knot The step of fruit, specifically includes: in local security region, being extracted in biometric image and is characterized by the convolutional layer of identification model The characteristic pattern of biological characteristic；By the full articulamentum of identification model, classifies according to characteristic pattern to biometric image, obtain Biometric image is the confidence level of living body biological image；Confidence level indicates to recognize the probability of living body；Be greater than when confidence level or When equal to confidence threshold value, then determine to recognize living body.

Wherein, identification model is the machine learning model after training with feature extraction and feature recognition capability.Machine Device English learning full name is Machine Learning, abbreviation ML.Machine learning model can have feature by sample learning and mention It takes and feature recognition capability.Neural network model, support vector machines or Logic Regression Models etc. can be used in machine learning model.

Convolutional layer is the feature extraction layer in convolutional neural networks.Convolutional layer can be multilayer, and every layer of convolutional layer has pair The convolution kernel answered, every layer of convolution kernel can be multiple.Convolutional layer carries out convolution algorithm by image of the convolution kernel to input, mentions Characteristics of image is taken to obtain characteristic pattern as operation result.

Full articulamentum (fully connected layers, FC) is the tagsort layer in convolutional neural networks, is used for The characteristic pattern of extraction is mapped to corresponding classification according to the distributed nature mapping relations learnt.

In one embodiment, identification model can be the complex network mould for being interconnected by multitiered network structure and being formed Type.Identification model may include multilayer convolutional layer, and every layer of convolutional layer has corresponding model parameter, and every layer of model parameter can be It is multiple.Model parameter in every layer of convolutional layer linearly or nonlinearly changes the image of input, obtains characteristic pattern (Feature Map) is used as operation result.Each convolutional layer receives the operation result of preceding layer, by the operation of itself, under One layer of operation result for exporting this layer.Wherein, model parameter is the parameters in model structure, can each layer output of reaction model With the corresponding relationship of input.

In one embodiment, biological characteristic figure can be input to identification model in local security region by accepting terminal In, linearly or nonlinearly variation is successively carried out to the biometric image of input by the convolutional layer for including in identification model and is grasped Make, until the last layer convolutional layer completes linearly or nonlinearly variation operation in identification model, accepting terminal is to according to identification Model the last layer convolutional layer output as a result, obtain for biometric image currently entered extract characteristic pattern.

Further, accepting terminal can be obtained using the characteristic pattern that the last layer convolutional layer exports as the input of full articulamentum It is the confidence level of living body biological image to biometric image.Wherein, confidence level can directly be the biology of full articulamentum output Characteristic image is the score of living body biological image.Confidence level is also possible to accepting terminal will be complete by returning layer (softmax layers) The numerical value being located in numberical range (0,1) obtained after the score normalization of articulamentum output.At this point, confidence level can also manage Solution is the probability that biometric image is living body biological image.When the confidence level is greater than or equal to confidence threshold value, then determine Recognize living body.

In above-described embodiment, the characteristic pattern exported by the convolutional layer of identification model can preferably extract characterization The characteristic pattern of biological characteristic uses full articulamentum to classify to obtain biometric image for living body biological image further according to characteristic pattern Confidence level, so as to accurately determine whether to recognize living body according to confidence level.

In one embodiment, which further includes the steps that triggering resource transfers operation, and the step is specific It include: the resource transfers authority generated according to authentication result that authentication server feedback is received by application program；Foundation Resource transfers authority, triggering resource transfers operation.

Wherein, resource transfers authority is the necessary voucher that user carries out resource transfers.Specifically, authentication server can basis Authentication result generates corresponding resource transfers authority, and resource transfers authority is fed back to accepting terminal.Accepting terminal is logical Cross the resource transfers authority that application program receives authentication server feedback.And according to resource transfers authority, resource transfers behaviour is triggered Make.

In one embodiment, resource transfers authority has timeliness and disposable.Wherein, timeliness refers to when default Resource transfers operation is not executed according to the resource transfers authority in period, then the resource transfers authority will lose effectively Property.First resource transfer operation, the resource after resource transfers success can only be executed according to the resource transfers authority by disposably referring to Transfer authority just fails.

In one embodiment, authentication server can be generated at random according to user identifier and timestamp when secondary resource turns Move authority.Alternatively, authentication server can also according to where user identifier, timestamp, accepting terminal geographical location information and The information such as merchant identification corresponding with accepting terminal, it is random to generate when secondary resource transfers authority.

In one embodiment, in online lower payment scene, authentication server is by authentication result and resource transfers Authority returns to accepting terminal, and resource transfers authority can be transferred to by the application program of accepting terminal runs on local regular zone Trade company's application in domain, trade company, which applies, carries out resource transfers according to resource transfers authority.

In above-described embodiment, authentication server can feed back the resource transfers authority generated according to authentication result, the money Source transfer authority is for triggering resource transfers operation.It receives in this way, only working as according to authentication result resource generated The operation of corresponding resource transfers could be triggered when shifting authority, can Support Resource transfer operation legitimacy and safety, in turn It can be achieved to pay under the line of safety.

In one embodiment, which can be applied particularly to pay in scene under line, the authentication side Method further includes the steps that triggering resource transfers, the step specifically include:

S502, by application program receive authentication server feedback according to authentication result generate resource transfers with According to.

Specifically, authentication server can generate corresponding resource transfers authority according to authentication result, and resource is turned It moves authority and feeds back to accepting terminal.Accepting terminal is by application program reception authentication server feedback according to authentication result The resource transfers authority of generation.

S504 obtains resource transfers number and resource recipient's account corresponding with accepting terminal.

Specifically, accepting terminal can by trade company application determine resource transfers number, and with the trade company application associated by Resource recipient's account.In one embodiment, the article that user can need to be bought by trade company using selection, and determining and institute The resource quantized value for the values such as the article chosen is corresponding, also referred to as resource transfers number.

S506 determines corresponding resource provider account according to authentication result.

Specifically, the identity (including user identifier) of the user has been determined according to biological information when authentication server Afterwards, the user account of the user can be determined from the incidence relation of user identifier and user account with storage.In the present embodiment institute In the application scenarios of offer, the corresponding user account of the user, that is, resource provider account.

S508, according to resource transfers authority and resource transfers number, by resource transfers corresponding in resource provider account To resource recipient's account.

Specifically, resource transfers authority can be transmitted in trade company's application by accepting terminal, and trade company applies according to resource transfers Authority and resource transfers number, by resource transfers corresponding in resource provider account to resource recipient's account.In this way, user It just completes and is paid under safety line.

Below to be illustrated in the self-service scene checked of supermarket check out counters, user can be without mobile phone and wallet In the case where, shopping list is added in commodity with barcode scanning gun.Operation interface provided by automatic teller machine by supermarket triggers video Acquisition instructions scan user's face by video capture device.Video capture device by the video data encrypted transmission of acquisition extremely Automatic teller machine.Automatic teller machine execute previous embodiment provided by auth method, obtain authentication result and resource transfers with According to.Automatic teller machine is withholdd, and pay trade company according to resource transfers authority and resource transfers number from the account of user. In this way, user can carry out secure payment by face, whole process is without carrying wallet and mobile phone.

It, will be corresponding in resource provider account according to resource transfers authority and resource transfers number in above-described embodiment Resource transfers are to resource recipient account, it can be achieved that secure payment under line.

The technical solution of the application is described in detail so that recognition of face carries out authentication as an example below.It is with reference to Fig. 6, Fig. 6 The timing diagram of face authentication method in one embodiment.Such as Fig. 6, user is by running on the general areas (REE) of accepting terminal In application triggers face authentication request.Application program in the general areas (REE) of accepting terminal is run on to video It acquires equipment and sends face certification request.Video capture device is scanned target object according to the face certification request, obtains To video data.Video capture device is transmitted to video data ciphering signature in the safety zone (TEE) of accepting terminal.It accepts Terminal is in safe zone decrypted data source, pedestrian's face In vivo detection of going forward side by side.When recognizing living body, face letter is extracted Breath, encryption are sent to the application program run in general areas.By the application program by data penetration transmission to authentication server. Authentication server carries out recognition of face after carrying out rightness of business inspection according to the data received again, obtains authentication knot Fruit.Authentication result is fed back to application program by authentication server, passes through application rollouts authentication result.

In a specific embodiment, as shown in fig. 7, the auth method specifically includes the following steps:

S702 passes through application rollouts operation interface.

S704 generates video acquisition instruction when detecting the trigger action for acting on operation interface.

Video acquisition instruction is sent to video capture device by S706；Video acquisition instruction is used to indicate video acquisition and sets Standby acquisition includes the video data of biological characteristic.

S708, receive video capture device to the video data of acquisition encrypt acquired enciphered video data and The first signature corresponding with video capture device；First signature is that video capture device passes through the first private key pair encryption video data It is encrypted to obtain.

S710 is signed by the first public key verifications first corresponding with the first private key.

S712 decrypts enciphered video data in local security region and obtains video counts after the first signature verification passes through According to.

S714, the video data obtained in local security region according to decryption, determines biometric image.

S716 is extracted by the convolutional layer of identification model in local security region and is characterized biology in biometric image The characteristic pattern of feature.

S718 classifies to biometric image according to characteristic pattern, obtains biology by the full articulamentum of identification model Characteristic image is the confidence level of living body biological image；Confidence level indicates to recognize the probability of living body.

S720 then determines to recognize living body when confidence level is greater than or equal to confidence threshold value.

S722 extracts the biological information in biometric image when recognizing living body.

S724 encrypts biological information in local security region, obtains encrypted feature information.

S726 is encrypted to obtain the second signature by the second private key pair encryption characteristic information.

S728, by encrypted feature information and the second signature transmission to the application program run in local general areas.

Encrypted feature information and the second signature are sent to authentication server by application program by S730；Encrypted feature letter Breath and the second signature are used to indicate authentication server and sign according to the second public key verifications second corresponding with the second private key, when second After signature is by verifying, encrypted feature information is decrypted to obtain biological information, and special according to the biology that decryption obtains Reference breath carries out authentication, obtains authentication result.

S732 receives the authentication of authentication server feedback as a result, and according to authentication knot by application program The resource transfers authority that fruit generates.

S734 obtains resource transfers number and resource recipient's account corresponding with accepting terminal.

S736 determines corresponding resource provider account according to authentication result.

S738, according to resource transfers authority and resource transfers number, by resource transfers corresponding in resource provider account To resource recipient's account.

Fig. 7 is the flow diagram of auth method in one embodiment.Although should be understood that the process of Fig. 7 Each step in figure is successively shown according to the instruction of arrow, but these steps are not the inevitable sequence indicated according to arrow Successively execute.Unless expressly stating otherwise herein, there is no stringent sequences to limit for the execution of these steps, these steps can To execute in other order.Moreover, at least part step in Fig. 7 may include multiple sub-steps or multiple stages, These sub-steps or stage are not necessarily to execute completion in synchronization, but can execute at different times, these Sub-step perhaps the stage execution sequence be also not necessarily successively carry out but can be with the son of other steps or other steps Step or at least part in stage execute in turn or alternately.

As shown in figure 8, in one embodiment, providing authentication means 800, including obtains module 801, extracts Module 802, encrypted transmission module 803, sending module 804 and receiving module 805.

Module 801 is obtained, for obtaining biometric image.

Extraction module 802, for extracting the biological information in biometric image in local security region.

It is special to obtain encryption for encrypting in local security region to biological information for encrypted transmission module 803 Reference breath, and encrypted feature information is transmitted to the application program run in local general areas.

Sending module 804, for encrypted feature information to be sent to authentication server by application program；The encryption of transmission Characteristic information is used to indicate authentication server and encrypted feature information is decrypted to obtain biological information, and according to decryption Obtained biological information carries out authentication and obtains authentication result.

Receiving module 805, for receiving the authentication result of authentication server feedback by application program.

In one embodiment, the video data progress that module 801 is also used to receive video capture device to acquisition is obtained Enciphered video data obtained by encrypting and the first signature corresponding with video capture device；First signature sets for video acquisition It is standby to be encrypted to obtain by the first private key pair encryption video data；Pass through the first public key verifications first corresponding with the first private key Signature；After the first signature verification passes through, enciphered video data is decrypted in local security region and obtains video data；In local The video data obtained in safety zone according to decryption, determines biometric image.

In one embodiment, which further includes display module 806 and generation module 807, in which:

Display module 806, for passing through application rollouts operation interface.

Generation module 807, for when detecting the trigger action for acting on operation interface, generating video acquisition instruction.

Sending module 804, which is also used to instruct video acquisition, is sent to video capture device；Video acquisition is instructed for referring to Show that video capture device acquisition includes the video data of biological characteristic.

In one embodiment, extraction module 802 is also used in local security region, is lived to biometric image Physical examination is surveyed, and testing result is obtained；When testing result expression recognizes living body, the biological characteristic letter in biometric image is extracted Breath.

In one embodiment, extraction module 802 is also used in local security region, passes through the convolutional layer of identification model Extract the characteristic pattern that biological characteristic is characterized in biometric image；By the full articulamentum of identification model, according to characteristic pattern to life Object characteristic image is classified, and the confidence level that biometric image is living body biological image is obtained；Confidence level expression recognizes work The probability of body；When confidence level is greater than or equal to confidence threshold value, then determine to recognize living body.

In one embodiment, biometric image includes facial image；Biological information include face location information, Target face depth map and target face cromogram；Extraction module is also used in local security region, in facial image Human face characteristic point is identified, face location information is obtained；Determine the candidate face depth map for including in facial image and candidate Face cromogram；Noise reduction process is carried out to candidate face depth map, obtains target face depth map；From candidate face cromogram Filter out the target face cromogram for meeting preset condition.

In one embodiment, the encrypted feature information of transmission is used to indicate authentication server and carries out to encrypted feature information Decryption obtains face location information, target face depth map and target face cromogram, and indicates authentication server to face position Confidence breath, target face depth map and target face cromogram are handled, and face feature vector are obtained, by face feature vector It is compared with face feature vector sample, obtains authentication result.

In one embodiment, encrypted transmission module 803 be also used in local security region to biological information into Row encryption, obtains encrypted feature information；It is encrypted to obtain the second signature by the second private key pair encryption characteristic information；It will encryption Characteristic information and the second signature transmission are to the application program run in local general areas.Sending module 804 is also used to pass through Encrypted feature information and the second signature are sent to authentication server by application program；Encrypted feature information and the second signature are for referring to Show that authentication server is signed according to the second public key verifications second corresponding with the second private key, it is right after the second signature is by verifying Encrypted feature information is decrypted to obtain biological information, and the biological information obtained according to decryption carries out identity and tests Card, obtains authentication result.

With reference to Fig. 9, in one embodiment, which further includes trigger module 808, in which: receives mould Block 805 be also used to by application program receive authentication server feedback according to authentication result generate resource transfers with According to.Trigger module 808, for according to resource transfers authority, triggering resource transfers operation.

In one embodiment, it obtains module 801 and is also used to obtain resource transfers number and money corresponding with accepting terminal Source recipient's account；Corresponding resource provider account is determined according to authentication result.Trigger module 808 is also used to according to money Authority and resource transfers number are shifted in source, by resource transfers corresponding in resource provider account to resource recipient's account.

Above-mentioned authentication means extract the biological information in biometric image in local security region, then Biological information is encrypted, encrypted feature information is obtained.It, will by the application program run in local general areas Encrypted feature information is transmitted to authentication server to carry out authentication, obtains authentication result.In this way, in local security area In domain, the biological information in biometric image is extracted, can be effectively prevented from calculating process by malice go-between The risk of attack.When biological information is transferred to authentication server to carry out authentication, once biological information It is to be transmitted to general areas, then carry out cryptographic operation, can effectively avoid the risk that biological information is tampered in this way, greatly The safety of authentication is improved greatly.

Figure 10 shows the internal structure chart of computer equipment in one embodiment.The computer equipment specifically can be figure Accepting terminal 120 in 1.As shown in Figure 10, it includes being connected by system bus which, which includes the computer equipment, Processor, memory, network interface and display screen.Wherein, memory includes non-volatile memory medium and built-in storage.It should The non-volatile memory medium of computer equipment is stored with operating system, can also be stored with computer program, the computer program When being executed by processor, processor may make to realize auth method.Computer program can also be stored in the built-in storage, When the computer program is executed by processor, processor may make to execute auth method.The display screen of computer equipment can To be liquid crystal display or electric ink display screen.

It will be understood by those skilled in the art that structure shown in Figure 10, only part relevant to application scheme The block diagram of structure, does not constitute the restriction for the computer equipment being applied thereon to application scheme, and specific computer is set Standby may include perhaps combining certain components or with different component layouts than more or fewer components as shown in the figure.

In one embodiment, authentication means provided by the present application can be implemented as a kind of shape of computer program Formula, computer program can be run in computer equipment as shown in Figure 10.Composition can be stored in the memory of computer equipment Each program module of the authentication means, for example, acquisition module shown in Fig. 8, extraction module, encrypted transmission module, hair Send module and receiving module.The computer program that each program module is constituted makes processor execute described in this specification Apply for the step in the auth method of each embodiment.

For example, computer equipment shown in Fig. 10 can pass through the acquisition module in authentication means as shown in Figure 8 Execute step S202.Computer equipment can execute step S204 by extraction module.Computer equipment can pass through encrypted transmission mould Block executes step S206.Computer equipment can execute step S208 by sending module.Computer equipment can pass through receiving module Execute step S210.

In one embodiment, a kind of computer equipment, including memory and processor are provided, memory is stored with meter Calculation machine program, when computer program is executed by processor, so that the step of processor executes above-mentioned auth method.This places oneself The step of part verification method, can be the step in the auth method of above-mentioned each embodiment.

In one embodiment, a kind of computer readable storage medium is provided, computer program, computer journey are stored with When sequence is executed by processor, so that the step of processor executes above-mentioned auth method.The step of auth method herein It can be the step in the auth method of above-mentioned each embodiment.

Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with Relevant hardware is instructed to complete by computer program, the program can be stored in a non-volatile computer and can be read In storage medium, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, provided herein Each embodiment used in any reference to memory, storage, database or other media, may each comprise non-volatile And/or volatile memory.Nonvolatile memory may include that read-only memory (ROM), programming ROM (PROM), electricity can be compiled Journey ROM (EPROM), electrically erasable ROM (EEPROM) or flash memory.Volatile memory may include random access memory (RAM) or external cache.By way of illustration and not limitation, RAM is available in many forms, such as static state RAM (SRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate sdram (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronization link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) directly RAM (RDRAM), straight Connect memory bus dynamic ram (DRDRAM) and memory bus dynamic ram (RDRAM) etc..

Each technical characteristic of above embodiments can be combined arbitrarily, for simplicity of description, not to above-described embodiment In each technical characteristic it is all possible combination be all described, as long as however, the combination of these technical characteristics be not present lance Shield all should be considered as described in this specification.

The several embodiments of the application above described embodiment only expresses, the description thereof is more specific and detailed, but simultaneously The limitation to the application the scope of the patents therefore cannot be interpreted as.It should be pointed out that for those of ordinary skill in the art For, without departing from the concept of this application, various modifications and improvements can be made, these belong to the guarantor of the application Protect range.Therefore, the scope of protection shall be subject to the appended claims for the application patent.

Claims

1. a kind of auth method, comprising:

Obtain biometric image；

The biological information is encrypted in the local security region, obtains encrypted feature information, and will be described Encrypted feature information is transmitted to the application program run in local general areas；

The encrypted feature information is sent to authentication server by the application program；The encrypted feature letter sent Breath, is used to indicate the authentication server and is decrypted to obtain biological information to the encrypted feature information, and according to solution Close obtained biological information carries out authentication and obtains authentication result；

2. the method according to claim 1, wherein the acquisition biometric image includes:

Receive video capture device to the video data of acquisition encrypt acquired enciphered video data and with the video Acquire corresponding first signature of equipment；First signature is that the video capture device regards the encryption by the first private key Frequency is according to being encrypted to obtain；

Pass through the first signature described in the first public key verifications corresponding with first private key；

After first signature verification passes through, the enciphered video data is decrypted in the local security region and obtains video Data；

The video data obtained in the local security region according to decryption, determines biometric image.

3. according to the method described in claim 2, it is characterized in that, the method also includes:

Pass through the application rollouts operation interface；

When detecting the trigger action for acting on the operation interface, video acquisition instruction is generated；

Video acquisition instruction is sent to video capture device；The video acquisition instruction is used to indicate the video acquisition Equipment acquisition includes the video data of biological characteristic.

4. the extraction biology is special the method according to claim 1, wherein described in local security region Levy the biological information in image, comprising:

In local security region, In vivo detection is carried out to the biometric image, obtains testing result；

When testing result expression recognizes living body, the biological information in the biometric image is extracted.

5. according to the method described in claim 4, it is characterized in that, described in local security region, to the biological characteristic Image carries out In vivo detection, obtains testing result, comprising:

In local security region, is extracted by the convolutional layer of identification model and characterize biological characteristic in the biometric image Characteristic pattern；

By the full articulamentum of the identification model, classifies according to the characteristic pattern to the biometric image, obtain The biometric image is the confidence level of living body biological image；The confidence level indicates to recognize the probability of living body；

When the confidence level is greater than or equal to confidence threshold value, then determine to recognize living body.

6. the method according to claim 1, wherein the biometric image includes facial image；The life Object characteristic information includes face location information, target face depth map and target face cromogram；It is described in local security region In, extract the biological information in the biometric image, comprising:

In local security region, the human face characteristic point in the facial image is identified, obtains face location information；

Determine the candidate face depth map and candidate face cromogram for including in the facial image；

Noise reduction process is carried out to the candidate face depth map, obtains target face depth map；

The target face cromogram for meeting preset condition is filtered out from the candidate face cromogram.

7. according to the method described in claim 6, it is characterized in that, the encrypted feature information sent is used to indicate described test Card server is decrypted the encrypted feature information to obtain the face location information, target face depth map and target person Face cromogram, and indicate that the authentication server is colored to the face location information, target face depth map and target face Figure is handled, and face feature vector is obtained, and the face feature vector is compared with face feature vector sample, is obtained Authentication result.

8. the method according to claim 1, wherein described special to the biology in the local security region Reference breath is encrypted, and obtains encrypted feature information, and the encrypted feature information is transmitted to and runs on local general areas In application program, comprising:

The biological information is encrypted in the local security region, obtains encrypted feature information；

The encrypted feature information is encrypted to obtain the second signature by the second private key；

By the encrypted feature information and second signature transmission to the application program run in local general areas；

It is described that the encrypted feature information is sent to by authentication server by the application program, comprising:

The encrypted feature information and the second signature are sent to authentication server by the application program；

The encrypted feature information and the second signature are used to indicate the authentication server according to corresponding with second private key Second signature described in second public key verifications is decrypted the encrypted feature information after second signature is by verifying Biological information is obtained, and the biological information obtained according to decryption carries out authentication, obtains authentication result.

9. method according to any one of claim 1 to 8, which is characterized in that the method also includes:

Turned by the resource generated according to the authentication result that the application program receives the authentication server feedback Move authority；

According to the resource transfers authority, resource transfers operation is triggered.

10. according to the method described in claim 9, the method is also it is characterized in that, the method is executed by accepting terminal Include:

Obtain resource transfers number and resource recipient's account corresponding with the accepting terminal；

Corresponding resource provider account is determined according to the authentication result；

It is described according to the resource transfers authority, trigger resource transfers operation, comprising:

According to the resource transfers authority and the resource transfers number, resource corresponding in the resource provider account is turned Move to the resource recipient account.

11. a kind of authentication means, which is characterized in that described device includes:

Module is obtained, for obtaining biometric image；

Encrypted transmission module is encrypted for encrypting in the local security region to the biological information Characteristic information, and the encrypted feature information is transmitted to the application program run in local general areas；

Sending module, for the encrypted feature information to be sent to authentication server by the application program；The institute of transmission Encrypted feature information is stated, the authentication server is used to indicate and the encrypted feature information is decrypted to obtain biological characteristic letter Breath, and the biological information obtained according to decryption carries out authentication and obtains authentication result；

Receiving module, for receiving the authentication result of the authentication server feedback by the application program.

12. device according to claim 11, which is characterized in that the extraction module is also used in local security region In, In vivo detection is carried out to the biometric image, obtains testing result；When testing result expression recognizes living body When, extract the biological information in the biometric image.

13. device according to claim 11, which is characterized in that the biometric image includes facial image；It is described Biological information includes face location information, target face depth map and target face cromogram；The extraction module is also used In in local security region, the human face characteristic point in the facial image is identified, obtains face location information；It determines The candidate face depth map and candidate face cromogram for including in the facial image；The candidate face depth map is dropped It makes an uproar processing, obtains target face depth map；The target face for meeting preset condition is filtered out from the candidate face cromogram Cromogram.

14. a kind of computer readable storage medium is stored with computer program, when the computer program is executed by processor, So that the processor is executed such as the step of any one of claims 1 to 10 the method.

15. a kind of computer equipment, including memory and processor, the memory is stored with computer program, the calculating When machine program is executed by the processor, so that the processor is executed such as any one of claims 1 to 10 the method Step.